Quick notes
Amap (Gaode) web API:
<https://restapi.amap.com/v3/direction/walking?origin=116.434307,39.90909&destination=116.434446,39.90816&key=这里写key>
Amap JS API:
<https://restapi.amap.com/v3/geocode/regeo?key=这里写key&s=rsv3&location=116.434446,39.90816&callback=jsonp_258885_&platform=JS>
Amap mini-program geolocation:
<https://restapi.amap.com/v3/geocode/regeo?key=这里写key&location=117.19674%2C39.14784&extensions=all&s=rsx&platform=WXJS&appname=c589cf63f592ac13bcab35f8cd18f495&sdkversion=1.2.0&logversion=2.0>
Baidu web API:
<https://api.map.baidu.com/place/v2/search?query=ATM机&tag=银行&region=北京&output=json&ak=这里写key>
Baidu web API (iOS variant):
<https://api.map.baidu.com/place/v2/search?query=ATM机&tag=银行&region=北京&output=json&ak=这里写key=iPhone7%2C2&mcode=com.didapinche.taxi&os=12.5.6>
Tencent web API:
<https://apis.map.qq.com/ws/place/v1/search?keyword=酒店&boundary=nearby(39.908491,116.374328,1000)&key=这里写key>
Qianxin Hunter:
(web.body="webapi.amap.com"||web.body="api.map.baidu.com"||web.body="apis.map.qq.com"||web.body="map.qq.com/api/js?v=")&&domain.suffix="根域名替换"
fofa:
(body="webapi.amap.com"||body="api.map.baidu.com"||body="apis.map.qq.com"||body="map.qq.com/api/js?v=")&&domain="根域名替换"
Finding bug bounty programs
inurl:/bug bounty
inurl:/security
inurl:security.txt
inurl:security "reward"
Bug Bounty program "reward"
inurl:/responsible disclosure
inurl:/responsible-disclosure/ reward
inurl:/responsible-disclosure/ swag
inurl:/responsible-disclosure/ bounty
responsible disclosure "reward" site:com
responsible disclosure hall of fame
"powered by bugcrowd" -site:bugcrowd.com
"submit vulnerability report"
"submit vulnerability report" | "powered by bugcrowd" | "powered by hackerone"
© Guge's Blog
After finding an admin panel, he kept searching the site with Waybackurls, but the results only showed robots.txt, which left the guy a little disappointed. So he started directory enumeration with Dirsearch and found a /adminpage directory.
Found SQL injection
A WAF was present. The bypass used %0A, swapped in an <a> tag, used the javascript: pseudo-protocol, and replaced alert with confirm. This kind of bypass gets past some WAFs:
<a href="javascript:confirm(document.cookie);">test</a>
After URL encoding and inserting %0a:
%3Ca%20href%3D%22javas%0Acript%3Aconfirm(document.cookie)%3B%22%3Etest%3C%2Fa%3E
Cookies can be harvested in bulk and the stolen cookies used to take over sessions; the impact is severe.
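As an added example for the %0A bypass above (my own code, not from the note or the writeup it summarises): a WAF-style literal match beside a check that canonicalises href values the way browsers do, so the split scheme is still recognised as javascript:. The sample payload is the encoded string quoted above; the function names are mine.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample: the encoded payload from the note above, with %0A splitting
# the scheme so a literal "javascript:" match no longer fires.
ENCODED_PAYLOAD = (
    "%3Ca%20href%3D%22javas%0Acript%3Aconfirm(document.cookie)%3B%22%3Etest%3C%2Fa%3E"
)

# ASCII C0 controls plus space: browsers strip these from both ends of a URL.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_HREF_RE = re.compile(r'href\s*=\s*(["\'])(.*?)\1', re.IGNORECASE | re.DOTALL)


def naive_blocks(body: str) -> bool:
    """Literal match on the decoded body, the kind of rule the note says is bypassed."""
    return "javascript:" in unquote(body).lower()


def canonical_scheme(url: str) -> str:
    """Return the scheme a browser would resolve for an href value.

    Mirrors the URL parser's pre-processing: HTML entities are decoded, leading
    and trailing C0 controls/space are stripped, and tab/LF/CR are removed
    anywhere in the string before the text up to the first ':' is lowercased.
    """
    value = html.unescape(url).strip(_C0_AND_SPACE)
    value = re.sub(r"[\t\n\r]", "", value)
    return value.split(":", 1)[0].lower() if ":" in value else ""


def find_javascript_hrefs(body: str) -> list[str]:
    """Percent-decode a request body, pull out every quoted href, and return the
    raw values whose canonical scheme is javascript."""
    decoded = unquote(body)
    return [
        value
        for _quote, value in _HREF_RE.findall(decoded)
        if canonical_scheme(value) == "javascript"
    ]


if __name__ == "__main__":
    print("naive rule blocks payload:", naive_blocks(ENCODED_PAYLOAD))
    print("canonicalised check finds:", find_javascript_hrefs(ENCODED_PAYLOAD))
```

The naive rule returns False on the payload while the canonicalised check flags the href, which is why filtering must normalise the way the browser does rather than matching the literal string.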
4. Bypassing the 2FA /MFA — An Easy win
Brute-forcing the verification code more than 200 times in a row was enough to log in (a pretty absurd application, too).
ssl:redacted.com "200"